Re: So...institutionally insecure?
Or do it right.
5) Add a bit to their user table, indicating old vs new. Bcrypt the SHA-1 for old passwords. Even works if they forgot to salt their SHA-1. Doesn't require the user to login before it's secured...
1 publicly visible post • joined 29 May 2019